Wireless mobile communication devices, which can communicate via one or more of email, phone, SMS messaging, Internet and intranet-based applications, are widely used in business and personal applications. These include self-contained devices, and wireless modems which can be integrated into portable computers. In a typical business environment with multiple users, a plurality of mobile communication devices communicate through a local server, which manages communications traffic and relays communications signals to a telecommunications carrier.
Security is a major concern in such wireless communications systems. Accordingly, the local server encrypts all messages before transmission to a mobile communication device, and encrypted messages transmitted to the mobile communication device are decrypted by suitable software or hardware in the mobile communication device.
The encryption and decryption processes typically operate using a “public key” infrastructure in which a trusted third party certifies the authenticity of the public/private key pair generated by a user. The public key is used to encrypt messages and verify digital signatures while the private key is used to decrypt messages and digitally sign documents. This combination of public and private keys, commonly known as “asymmetric cryptography,” can be used to effectively encrypt messages and create digital signatures, as is well known to those skilled in the art. The wireless component of the communications system is thus secured, so that if the wireless signal is intercepted by a malicious attacker, it cannot be decrypted.
To maximize security in the mobile communications system, a session key is generated each time the user's mobile communication device requests the transfer of a message from the local server to the mobile communication device. The mobile communication device may encrypt a ‘signed only’ message to generate a link between the local server and the mobile communication device at the commencement of each message transfer session, and as part of this process the session key is generated and encrypted with the user's public key.
Memory in the mobile communication device is at a premium, and sometimes messages are too large to conveniently download the entire message to the mobile communication device. Accordingly, the local server typically sends batches or blocks (for example 2 KB) of data to the mobile communication device at one time. For some messages, the first block will include the entire message and the session thus ends as the message transmission is completed. But for larger messages, the remainder of the message data is held back from the mobile communication device until a MORE request for further message data is transmitted to the local server. For example, when the user scrolls down the message to the point where the mobile communication device nears the end of the downloaded block of data, the device automatically sends a MORE request to the local server. Upon receiving a MORE request, the next block of data in the message is transmitted to the mobile communication device.
Whenever a MORE request is received from the mobile communication device, in order to prevent errors in the decrypted message the local server needs to encrypt the next block of data with the same session key as used for the previous block(s) of data. However, it is not desirable to store the session key in the local server, both because this uses additional memory unnecessarily, and because it is advantageous to limit the amount of secret information that must be stored on the local server.
It would accordingly be advantageous to provide a method of creating a secure, reproducible session key and a system utilizing such a method.